User Profile

I have a two-level view-based NSOutlineView, employing a data-source and delegate. It is not populated by binding. My code is all ObjC, and my problem persist since MacOS 10.11 to the current MacOS 14.4.x Because of some specific visual issue, I use a very simple subclass of NSTableRowView, which has only this: @implementation MYRowView - (void)drawRect:(NSRect)dirtyRect { self.emphasized = NO; // this affects the complicated color scheme for selection - will not use the "alternateColor" for drawing, but rather the "secondary color" - who knows what it is. This way our texts and icons and progress do NOT disappear on selected rows. [super drawRect:dirtyRect]; } @end And then later, in my NSOutlineView delegate: -(NSTableRowView *)outlineView:(NSOutlineView *)outlineView rowViewForItem:(id)item { return [OITRowView new]; } There are, other more complicated @interface OITOutlineCellView : NSTableCellView That I makeViewWithIdentifier:owner: and populate in response to NSOutlineView - (NSView *)outlineView:(NSOutlineView *)outlineView viewForTableColumn:(NSTableColumn *)tableColumn item:(id)item { Now I noticed that after adding several items (top level) with some thousands sub-level items to my outline-view, and then REMOVING them and reloading all data - my app's memory is ever increasing When I used the memory graph feature in Xcode debugger - I found a huge number (actually identical to the maximum number of rows) - all of the class MYRowView. Interestingly enough - none of my cell-views remained in memory. Now I verified - my data source reported zero items, the UI looks empty, and all functions as expected - except for this "leak" of MYRowView objects. As you can see in the code (copied exactly from my app) I only create them - and return them to the OS - I never hold any reference to these objects. So.... What Am I doing wrong, and what can I do to alleviate the issue?? The methods [NSOutlineView reloadItem:reloadChildren:] and [NSTableView reloadData] are documented to "release all related views" -- but obviously they DONT. my app gets to ~300 MB (started at 20MB) with about 7500 rows Idea anyone? What to check? what to try?

Hi, I have a long process that I need to report to the User via UNNotificationCenter (local) notifications. Say - scanning a big folder with thousands of files, finding and reporting "bad ones" as they are identified. I currently emit periodic notifications, keeping the same "thread identifier", which causes each new notification to replace the one displayed, thus updating the texts. However - when they become many, the behavior is inconsistent and it looks bad. What I'd like to do is: Have a single DELIVERED notification (displayed on-screen) that will change its contents (say- advances a progress bar, and updates its text periodically. I KNOW that this is possible, because Apple publishes a notification almost identical to what I need in AirDrop UI. When a bunch of documents are dropped by some external device onto my Mac - I receive a notification like this: Which updates until the file transfer is finished. I searched both these forums, the documentation, and other resources, but did NOT find any hint on how to implement such thing. There's something for iOS called "App Extension" that can customize Notification UI - but I did not find any documentation or code-sample or anything - and all I found was descriptions of behavior on iOS, so I'm not sure that's the way to do it on MacOS. Can you please advise?

Hi. My MacOS application (Obj-C, Cocoa MacOS 10.15 or later) sets itself as delegate for UNNotificationCenter, and implements both - (void)userNotificationCenter:(UNUserNotificationCenter *)center        willPresentNotification:(UNNotification *)notification          withCompletionHandler:(void (^)(UNNotificationPresentationOptions))completionHandler and - (void)userNotificationCenter:(UNUserNotificationCenter *)center didReceiveNotificationResponse:(nonnull UNNotificationResponse *)response          withCompletionHandler:(nonnull void (^)(void))completionHandler It creates and schedules many user-notifications (mostly with no "trigger" meaning - present to the user ASAP and sometimes 2.5 seconds in the future, so to group notifications better. Each notification is also holding som dictionary of "UserInfo" containing some data. My AppDelegates handles user responses (both standard open, cancellation, and "cancel-all") and also custom user-actions I attach to the category. All works well on most Macs and almost always. However - On few Macs, at arbitrary times, users complain that "clicking a notification in Notification Center will not open the app" and that "expected notifications are missing altogether". My logs show the following. Quite frequently I see the following: error log lines: 2023-02-16 17:32:21.413065+0200 0xa58109d Error 0x0 51690 0 <UserNotifications`__104-[UNUserNotificationServiceConnection addNotificationRequest:forBundleIdentifier:withCompletionHandler:]_block_invoke_2.cold.1> myApp: (UserNotifications) [com.apple.UserNotifications:Connections] [com.myCompany.myApp] Adding notification request failed with error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 451 named com.apple.usernotifications.usernotificationservice" UserInfo={NSDebugDescription=connection to service on pid 451 named com.apple.usernotifications.usernotificationservice} followed by my own log lines - like this: 2023-02-16 17:32:21.413279+0200 0xa5811b5 Error 0x0 51690 10 <myApp> myApp: [com.myCompany.myApp:UI] NotificationRequest B6096CDE-6229-42AA-A6BC-EBCC06540C53 stage:scanFinished failed to schedule: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 451 named com.apple.usernotifications.usernotificationservice" UserInfo={NSDebugDescription=connection to service on pid 451 named com.apple.usernotifications.usernotificationservice} Of course - the un-scheduled notification won't appear to the user, but worse - clicks on other, DELIVERED notifications, won't call back my delegate. Strangely enough - few seconds later, sometimes minutes - other attempts to schedule new notifications - succeed without any error. I guess this "connection" is somehow automatically re-established. I looked for information about this error (Domain=NSCocoaErrorDomain Code=4097) and it seems to be pretty generic, and used for many scenarios where connection to some service is lost. Of course my code doesn't maintain any such connection manually/programmatically - I guess it is the [UNUserNotificationCenter currentNotificationCenter] implementation which holds connection to its "daemon" or "agent" or some XPC service. The really bad thing here - is that I DO NOT KNOW how to improve anything here. [UNUserNotificationCenter currentNotificationCenter] Is a singleton, that I can't control, or re-create, to somehow revive the connection There is no way I know of, to tell it to do so, or even to check whether it has a connection. I rely on Notification-Center to maintain my MODEL DATA for scheduled requests, in case my App is relaunched - and now I can't get it. Please advise. this is quite urgent for me. The issue appears more on Big Sur.

Hi. I develop an EndpointSecurity Client (running as root in the system-domain - a launchDaemon defined in /Library/LaunchDaemons/com.company.daemon-name.plist I register to few "AUTH" events, which I handle on a high-priority concurrent dispatch_queue, using fairly efficient code - so to ensure I meet the EndpointSecurity message deadlines. These are the event types I register for:  ES_EVENT_TYPE_AUTH_EXEC,  ES_EVENT_TYPE_AUTH_OPEN, ES_EVENT_TYPE_AUTH_CREATE, ES_EVENT_TYPE_AUTH_CLONE, ES_EVENT_TYPE_AUTH_RENAME, ES_EVENT_TYPE_AUTH_EXCHANGEDATA My daemon seems to handle events in very high loads without a hitch, usually takes round 0.1%-1% of the CPU and almost never more than 10-20MB of RAM - it's very lightweight, and works fine. HOWEVER - on some customer Macs (Enterprise Macs with lots of IT background processes on them - antivirus packages, software-updaters, and remote-control tools, I see crash logs of my tool, occurring usually when the Mac is unattended (late night, or Mac is asleep). They all have this in common. The crash reason: Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: Namespace ENDPOINTSECURITY, Code 2 EndpointSecurity client terminated because it failed to respond to a message before its deadline I've done fair statistics, and the minimum deadlines I get are ~30 seconds (LOTS OF TIME!!!) whereas my code usually takes no more than 10 milliseconds to respond to EndpointSecurity framework. But the crash log also shows that all "working threads" (code-blocks on my Event-Handling dispatch_queue) are stuck in the same OS call - namely: 6 AppKit 0x7ff80db366b4 -[NSWorkspace isFilePackageAtPath:] + 104 In most cases I have 6 or 8 such concurrent blocks pending. This is not the bottom of the stack - they all look like this: Thread 4:: Dispatch queue: Event Handling Queue 0 libsystem_kernel.dylib 0x7ff809f94e0e __getattrlist + 10 1 CoreServicesInternal 0x7ff80cffbe98 corePropertyProviderPrepareValues(__CFURL const*, __FileCache*, __CFString const* const*, void const**, long, void const*, __CFError**) + 798 2 CoreServicesInternal 0x7ff80cffbb19 prepareValuesForBitmap(__CFURL const*, __FileCache*, _FilePropertyBitmap*, __CFError**) + 394 3 CoreServicesInternal 0x7ff80cff8421 _FSURLCopyResourcePropertyForKeyInternal(__CFURL const*, __CFString const*, void*, void*, __CFError**, unsigned char) + 277 4 CoreFoundation 0x7ff80a084e50 CFURLCopyResourcePropertyForKey + 96 5 CoreFoundation 0x7ff80a09904e -[NSURL getResourceValue:forKey:error:] + 110 6 AppKit 0x7ff80db366b4 -[NSWorkspace isFilePackageAtPath:] + 104 7 ITProtector 0x10ed8da73 0x10ed58000 + 219763 Bottom line is my code - which calls NSWorkspace to determine if a file I need to Authorize is a bundle or not. My conclusion is that the call hangs forever because (Maybe?) LaunchServices, or the File-system service are busy or pushing back or very busy doing something - I don't know, and I can't reproduce on any of my Macs - As I say this randomly happens on customer Macs when they're unattended. I now have two distinct problems using -[NSWorkspace isFilePackageAtPath:] (or any alternative I found so far). The call is usually very fast - but now I can't know in advance how much time it will take. The call and all its alternatives - are synchronous. Haven't found asynchronous replacement I could call, to introduce my own "timeouts" on the issue. I need help here - what can cause this API to hang for over a minute? Where to start looking? last - What activity of the OS can impose such long block on this fairly basic File-system query? Any idea or suggestion or lead would be greatly appreciated. Thanks! Contents of sample ITProtector.ips crash log

I have a global daemon managed by launchd, whose .plist is installed in /Library/LaunchDaemons). To be correctly entitled and code-signed so it can communicate with EndpointSecurity framework, its executable resides in a normal Mac App bundle (main() will run as minimal UI when launched from UI, and as a daemon when launched by launchd). This means that the ProgramArguments.0 in its .plist looks something like /Library/PrivilegedHelperTools/MyDaemonApp.app/Contents/MacOS/MyDaemonApp Now I need this daemon to publish an XPC Service (with few control commands) so that other components of our system (UI app, a user-context launchd-daemon and another launchd global-daemon) will be able to connect to The XPC Service and control it via the published protocol. I read some answers here, and also found a working order sample code that does just this here - https://github.com/jdspoone/SampleOSXLaunchDaemon But when I apply its content to my global daemon, word for word - it doesn't work - meaning, clients cannot create a connection to The XPC Service. The daemon is up and running, and functional. its .plist is quite simple and looks like this: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.mycompany.itm.service</string> <key>KeepAlive</key> <true/> <key>RunAtLoad</key> <true/> <key>MachServices</key> <dict> <key>com.mycompany.itm.service</key> <true/> </dict> <key>ProgramArguments</key> <array> <string>/Library/PrivilegedHelperTools/IMyDaemonApp.app/Contents/MacOS/MyDaemonApp</string> <string>-monitor</string> <string>-protectDeviceProtocol</string> <string>USB</string> </array> </dict> </plist> It creates and starts an XPC listener in MYXPCListener.h like thus: #import <Foundation/Foundation.h> #import "MYXPCProtocol.h" NS_ASSUME_NONNULL_BEGIN @interface OITPreventionXPCService : NSObject (instancetype) init; (void) start; /* Begin listening for incoming XPC connections */ (void) stop; /* Stop listening for incoming XPC connections */ @end NS_ASSUME_NONNULL_END and the implementation is: /* AppDelegate.m */ @interface MYXPCService () <NSXPCListenerDelegate, OITPreventionXPCProtocol> @property (nonatomic, strong, readwrite) NSXPCListener *listener; @property (nonatomic, readwrite) BOOL started; @end @implementation OITPreventionXPCService (instancetype) init {     if ((self = [super init]) != nil) {         _listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.mycompany.itm.service"];         _listener.delegate = self;         if (_listener == nil) {             os_log_error(myLog, "XPCListener failed to initialize");         }         _started = NO;     }     return self; } (void) start {     assert(_started == NO);     [_listener resume];     os_log_info(myLog, "XPCListener resumed");     _started = YES; } (void) stop {     assert(_started == YES);     [_listener suspend];     os_log_info(myLog, "XPCListener suspended");     _started = NO; } /* NSXPCListenerDelegate implementation */ (BOOL) listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection {     os_log_info(myLog, "Prevention XPCListener is bequsted a new connection");     assert(listener == _listener);     assert(newConnection != nil);     newConnection.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MYXPCProtocol)];     newConnection.exportedObject = self; &#9;&#9;[newConnection resume];     return YES; } /* Further down this implementation, I have implementations to all the methods in MYXPCProtocol. */ @end Now the client code (and I tried EVERY kind of client, signed unsigned, daemon, UI, root privileged, or user-scoped - whatever). For example, in the AppDelegate of a UI app: #import "AppDelegate.h" #import "MYXPCProtocol.h" @interface AppDelegate () @property (strong) IBOutlet NSWindow *window; @property (nonatomic, strong, readwrite) NSXPCConnection *connection; /* lazy initialized */ @end @implementation AppDelegate (NSXPCConnection *) connection {     if (_connection == nil) {         _connection = [[NSXPCConnection alloc] initWithMachServiceName:daemonLabel options:NSXPCConnectionPrivileged];         _connection.remoteObjectInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MYXPCProtocol)];         _connection.invalidationHandler =  ^{             self->_connection = nil;             NSLog(@"connection has been invalidated");         };         [_connection resume];         /* New connections always start suspended */     }     return _connection; } (IBAction) getServiceStatus:(id)sender {     [self.connection.remoteObjectProxy getStatus:^(NSString * _Nonnull status) {         NSLog(@"MY XPC Service status is: %@", status);     }]; } @end but no matter what I do - I always get the "connection invalidated". The sample launchDaemon that works - is not code-signed at all!!! but mine, which is both signed and checking of which yields $ spctl --assess --verbose IMyDaemonApp.app IMyDaemonApp.app: accepted source=Notarized Developer ID   I'm at a loss - and would like to get any advice, or any helpful documentation (I've been reading TN2083, and man launchctl and man launchd.plist and many other pages - to no avail. There seems to be no real "programming guide" for XPC and no reasonable sample code on Apple developer site to fit my needs. Last - this is MacOS 10.15.7, and latest Xcode 12.3

Hi, I have a LaunchAgent (whose .plist is in /Library/LaunchAgents/ as expected) It is build as a single un-bundled binary, and installed away from regular user access at /Library/MyCompany/executables/ When I try to init a reference to UNUserNotificationCenter: UNUserNotificationCenter *unc = [UNUserNotificationCenter currentNotificationCenter]; I immediately have an exception, like thus: 2021-05-02 19:57:39.297823+0300 agent[12504:225879] *** Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44 2021-05-02 19:57:39.299464+0300 agent[12504:225879] [General] An uncaught exception was raised 2021-05-02 19:57:39.299518+0300 agent[12504:225879] [General] bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///Users/mshneor/Library/Developer/Xcode/DerivedData/agent-dgvdlbtivmsjdgdkhhjwaxgrkyht/Build/Products/Debug/ Obviously the problem is bundleProxyForCurrentProcess is nil: mainBundle.bundleURL Now... I could try to bundle my agent somehow, but that's a bit awkward, and I don't know how - it's not an App, and It's not a part of any App, and I don't know about a special "Code Bundle" type (like plugins etc.) that fits a LaunchAgent. Moreover - it will never be "launched" by it's info.plist in the bundle - only via the .plist in /Library/LaunchAgents by launchd. So... is it possible to work around this? Could I somehow tell my Agent's process "Here is our main-bundle" at runtime, and provide a special bundle the agent is not embedded in? what does UNUserNotificationCenter need from main bundle? maybe I can supply this programmatically in advance? Any hint will be greatly appreciated.

Hi. I'm writing a framework, and invest a lot in commenting classes, methods, etc. My API is Objective-C, but the issue is same with Swift code too. If I follow Apple's documentation about the Markup language of code-comments, then in Xcode QuickHelp lot of my formatting simply does not show. Here are Apple docs on the matter Here is a sample of class definition comment, /*!  @brief Comprehensive set of prevention rules.  @discussion OITPreventionSettings instance encapsulates a complete set of prevention "rules" dictated and provided by Backend, controlling the behavior of ITProtector.  At any moment, there can only be a single "ruling" instance of OITPreventionSettings, assigned (synchronously and atomically) to the OITPrevention, while other instances may exist in other states of initialization/demise.  Responsibilities of the class:  *  Receive and store a "Settings JSON" from backend (either as File, String or NSDictionary)  *  Parse the settings JSON, extract relevant policy clauses, parse their array of prevention rules  *  Provide comprehensive parsing errors if rules cannot be applied.  *  Compile and own a hierarchy of OITPreventionPolicy and OITPreventionRule objects, with internal representation of the rules, that can be used to fast-decide authorization/prevention events.  *  Apply rules to Endpoint-Security event, returning both verdict (actions bit-mask), and the rule-Id responsible for the decision.  Irresponsibilities of the class:  *  to decide *when* to become the "active" settings  *  to apply itself and evaluate ES events  *  Being immutable, It can't change its policies and rules nor their internal representations. Any change of settings require a new instance of OITPreventionSettings.  */ @interface OITPreventionSettings : NSObject { } As you can see in the attached Xcode quick-help window screenshot , none of the lists appear as lists, and even line-breaks don't apply. Many other formatting rules don't show either. Is this Apple bug? my misunderstanding? what's the point in documenting something that doesn't and actually never worked?

Hi. I'm implementing UNUserNotificationCenter delegate method: userNotificationCenter(_:didReceive:withCompletionHandler:) in MacOS Big-Sur and Catalina, in order to be notified when user dismisses local notifications of my App. (we also handle UNNotificationDefaultActionIdentifier to focus our UI on the item related to the clicked notification, and we also support 2 custom actionIDs. It all basically works, and even the UNNotificationDismissActionIdentifier arrives at the delegate when user dismisses a single notification. (presses the X shaped button on the top-left). However, when we have a thread of notifications (grouped by some unique threadID, and looks like a stack onscreen) and the user presses the X and then the "Clear all" button to dismiss the whole thread -- the delegate is only called once, for one arbitrary notification in the stack, and there is no way for me to know that a whole thread was dismissed. Am I doing something wrong? Is this a limitation of the delegate protocol? Is this a bug in UNUserNotificationCenter implementation? Is there a workaround, or some trick to know that a whole bunch of notifications were dismissed? Here's my delegate code (sans irrelevant code...) // Handle notification back-actions - (void)userNotificationCenter:(UNUserNotificationCenter *)center didReceiveNotificationResponse:(nonnull UNNotificationResponse *)response          withCompletionHandler:(nonnull void (^)(void))completionHandler API_AVAILABLE(macos(10.14)) {     NSString *actionId = response.actionIdentifier;     UNNotificationRequest *request = response.notification.request;     NSString *requestId = request.identifier;     NSString *userActionIdentifier = request.content.threadIdentifier;     NSDictionary * myInfo = request.content.userInfo;     if ([actionId isEqualToString:UNNotificationDefaultActionIdentifier]) { // user opened the application from the notification         if ([self.delegate respondsToSelector:@selector(displayThread:forInfo)]) {             dispatch_async(dispatch_get_main_queue(), ^{                 [self.delegate displayThread:userActionIdentifier forInfo: myInfo];             });         }         completionHandler();         return;     }         NSString *userReply = nil;     if ([actionId isEqualToString:UNNotificationDismissActionIdentifier]) { // user dismissed the notification         os_log_debug(myLog, "Notification: %{public}@ dismissed", requestId);     }     else { // custom action         NSString *categoryId = response.notification.request.content.categoryIdentifier;         if ([categoryId isEqualToString:OITNotification.copyAction]) {             os_log_debug(myLog, "Notification: %{public}@ dismissed with custom action:%{public}@", requestId, actionId);         }         if ([categoryId isEqualToString:OITPreventionNotification.copyActionWithReply]) {             if ([actionId isEqualToString:@"other"]) {                 userReply = [(UNTextInputNotificationResponse*)response userText];                 os_log_debug(myLog, "Notification: %{public}@ User custom reply: %{public}@", requestId, userReply);             }             else {                 userReply = actionId;                 os_log_debug(myLog, "Notification: %{public}@ User Action: %{public}@", requestId, actionId);             }         }     }     if ([self.delegate respondsToSelector:@selector(notification:dismissedWithReply:)]) {         [self.delegate notification:myInfo dismissedWithReply:userReply];     }     [self removeModelIdentifiers:@[response.notification.request.identifier]];     completionHandler();     return; } Please ignore the tedious handling of custom actions - my problem is only with "Clear All" thread dismissals. I bring the code just for completeness, in the hopes that someone sees a fault I can't see --- Thank you very much.

I believe this is a general problem when writing low-level security and monitoring tools. The EndpointSecurity framework provides lots of information for the events it allows to Monitor (and/or Authorize) but all these are "kernel level" details, that usually don't allow understanding (and aggregating) low-level events according to User Intent e.g. Saving all attachments of an e-mail message from Apple Mail program to a USB-disk, will create a long series of low-level file-system events, some preliminary (touching and verifying the destination can fit the attachments) some for moving/copying, some for rounding-up, some for indexing those files on the new volume, and so on. Is it possible to somehow obtain the NSUserActivity object/instance/Identifier related to such low-level event? Is the kernel itself aware of user activities? Any hint or suggestion or strategy will be greatly appreciated